MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386
SHA3-384 hash: a47014a134559dadab61cf596ada268651600c68735427f6cebe2debe061a6eef37ab427c59fdd6723be04d3401080ac
SHA1 hash: 5bd738c1738a63aa1b229a7c0f03a21d0f80a844
MD5 hash: 07fde275acbd90a10f43efe04f05e962
humanhash: helium-comet-april-nuts
File name:mwbazaar.exe
Download: download sample
File size:12'547'600 bytes
First seen:2023-07-08 09:22:15 UTC
Last seen:2023-07-08 09:22:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 803f042b6c8e16a7b4e39cbb5772b32f
ssdeep 196608:aCFzl1i8St9HycqMi+wU+hUxYq/CyD2BV4oZQGtK6A1ixoXjCB7vw9Iz/K9cP5dV:LlU8SPH3ni/UxjCjBV4oZHAYn9Y9IzbB
Threatray 371 similar samples on MalwareBazaar
TLSH T19CC633EB5A81AF42DB0391B7D82790468815E9F4EF432228B01F9DEE23D904D9FF56D1
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4505/5/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter kirda
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
297
Origin country :
TR TR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
anyrun.exe
Verdict:
Malicious activity
Analysis date:
2023-07-08 08:28:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae6e9975-b881-470d-acda-6b4199ca8986

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/411643/
Detection(s):
SecuriteInfo.com.BScope.TrojanSpy.AveMaria.24898.9395.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
Searching for the window
Creating a window
DNS request
Searching for synchronization primitives
Moving a file to the %temp% directory
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
hacktool lolbin packed packed shell32
Link:
https://www.filescan.io/uploads/64a92af79bd9f933fbb8ee80/reports/3ed7930b-7213-42e6-9924-099c64a0a76f/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f52faf43-ac35-4058-ae63-e571c0ba6fd9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-08 09:23:06 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x2qux4z65fxeehxadzjbffz4eacg7owariboa7s5no3rclnyeoda._file
Verdict:
unknown
Similar samples:
146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
48fe1f7de453f1c52b9c1e8f16017e2a39f7cf45ba57748809196f9fd3fcb63e
5c43e762e23599c29a344fabf02fe235e79c9e4697da49d0a17334979faa3920
b58cdc2d1c18a58083eb52574470507f85e085d80f2c2df106c208ed2cd2641f
c17002f0e688dd34ca4bde9cc512df3ee4d5b1a069b20f908ba653ff02853be4
c453fa7865fcd57e919c73ce9a1959ec6af0228edb56d021529e4dd62441ee08
cfb5c20ec8d95c35f7edb8743084d4491e43c62c575cf0102b4f6781c50689de
da7f9295ea96e5490723111c7aeb2263f724a550e4780b91af918b63d8c9ffbf
dd1d7a4709d9cbd633549404b9ee292a15c672968874bd40a858ee29da6c9b9e
+ 361 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
discovery evasion trojan
Link:
https://tria.ge/reports/230708-lcf2dsdf46/
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks installed software on the system
Checks whether UAC is enabled
Checks BIOS information in registry
Loads dropped DLL
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
6851e02d3f4b8179b975f00bbc86602a2f2f84524f548876eb656db7ea5eaa9c
MD5 hash:
c5124caf4aea3a83b63a9108fe0dcef8
SHA1 hash:
a43a5a59038fca5a63fa526277f241f855177ce6
Link:
https://www.unpac.me/results/3e8bf814-aafd-47ec-91c2-3936f4598ea3/
SH256 hash:
bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386
MD5 hash:
07fde275acbd90a10f43efe04f05e962
SHA1 hash:
5bd738c1738a63aa1b229a7c0f03a21d0f80a844
Link:
https://www.unpac.me/results/3e8bf814-aafd-47ec-91c2-3936f4598ea3/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bea14bf33ee9/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bea14bf33ee96e421ee01e5212973c20046fbac08a02e07e5d6bb7112db82386

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/411643/

Comments